What Is Atomic Rollback
Atomic rollback is a deployment mechanism where system changes either apply completely or not at all, enabling instant reversion to a known-good state. On osModa, atomic rollback is powered by NixOS generations and the SafeSwitch automated health-check mechanism.
Why Atomic Matters
Traditional deployment systems apply changes incrementally: update package A, then package B, then restart service C. If the process fails midway, the system is left in a partially updated state -- some components are on the new version, others are on the old. Diagnosing and recovering from these partial states is time-consuming and error-prone.
Atomic deployment eliminates partial states entirely. The entire new configuration is built in isolation. The switch from old to new happens in a single operation (a symlink change in NixOS). If the new configuration is broken, switching back to the old configuration is equally atomic. The system is always in a fully consistent, known state.
NixOS Generations
NixOS implements atomic rollback through a concept called generations. Each generation is a complete, self-contained snapshot of the system configuration: all installed packages, all configuration files, all service definitions, all user accounts, and all firewall rules. When you deploy a new configuration, NixOS creates a new generation. The previous generation remains on disk, untouched.
Switching between generations is a symlink operation that takes seconds, not minutes. The new generation does not overwrite the old one -- both coexist on disk. This means rollback does not require re-downloading packages, rebuilding configurations, or restarting from scratch. The previous state is already there, fully built, ready to activate.
SafeSwitch: Automated Rollback on osModa
osModa builds on NixOS generations with SafeSwitch, an automated rollback mechanism. After every deployment, SafeSwitch runs a series of health checks: are the 9 Rust daemons (agentd, osmoda-mcpd, osmoda-watch, osmoda-routines, osmoda-voice, osmoda-mesh, osmoda-keyd, osmoda-teachd, osmoda-egress) running? Are configured ports responding? Are agent processes healthy?
If any health check fails, SafeSwitch automatically rolls back to the previous NixOS generation. No human intervention required. The failed deployment attempt and the automatic rollback are both recorded in the SHA-256 hash-chained audit ledger, providing a complete forensic trail. This is a core component of osModa's self-healing infrastructure.
Practical Implications for AI Agent Infrastructure
Atomic rollback is especially important for AI agent infrastructure because agents are long-running processes that depend on specific system configurations. A package update that breaks a Python dependency, a service configuration change that alters network access, or a firewall rule that blocks an API endpoint -- any of these can silently break an agent that was working correctly.
Zero Downtime Updates
Build the new generation while the current one runs. Switch atomically. If the switch fails, the previous generation is still running. Agents experience at most a brief restart, never a broken state.
Configuration Diffing
NixOS can diff two generations to show exactly what changed: which packages were added, removed, or updated, which configuration files were modified, and which services were affected. Full visibility before and after deployment.
Audit Trail
Every generation switch is logged in osModa's audit ledger: who triggered it, what changed, whether it succeeded or was rolled back. Critical for compliance (SOC 2, HIPAA) and incident forensics.
Data Preservation
Agent application data lives in data directories outside the NixOS generation. Rollback reverts the system configuration without touching databases, agent state files, or in-progress work.
For a detailed walkthrough of NixOS deployments and rollbacks on osModa, see the NixOS Atomic Deployments & Rollbacks guide.
Frequently Asked Questions
What does 'atomic' mean in atomic rollback?
Atomic means indivisible -- the operation either completes fully or does not happen at all. There is no intermediate state where some packages are updated and others are not. In NixOS, a system configuration switch is a single symlink change to a new generation. If the new generation fails health checks, the symlink reverts to the previous generation. At no point is the system in a partially updated state.
How fast is an atomic rollback on osModa?
Rollback on NixOS is typically under 5 seconds. The previous generation already exists on disk as a complete, pre-built system profile. Rollback is a symlink switch followed by service reactivation -- no packages are downloaded, no configurations are rebuilt. It is effectively instantaneous compared to traditional rollback approaches that require rebuilding or re-downloading.
What is NixOS SafeSwitch?
SafeSwitch is osModa's automated rollback mechanism built on NixOS generations. After a deployment, SafeSwitch runs health checks against the new configuration. If the checks fail -- agent processes not starting, ports not responding, daemons not healthy -- SafeSwitch automatically rolls back to the previous generation. Both the failed deployment and the rollback are recorded in the SHA-256 hash-chained audit ledger.
How does this differ from Docker rollbacks?
Docker rollbacks operate at the container level. If the container rolls back but the host OS configuration has drifted, you still have problems. NixOS atomic rollback operates at the entire system level: kernel modules, system packages, service configurations, user permissions, and firewall rules are all part of the generation. You cannot have a situation where one layer is correct but another is wrong.
Does rollback affect agent data?
No. Rollback reverts the system configuration -- packages, services, NixOS settings. Agent application data (databases, files the agent created, in-progress work) is stored in data directories that are not part of the NixOS generation. The system configuration reverts, but operational data is preserved.
How many rollback generations are available?
osModa retains previous NixOS generations on disk, each representing a complete system state that can be activated instantly. Older generations can be garbage collected to free storage. The audit ledger retains records of all generation switches regardless of whether the generation itself is still on disk.
Deploy with Confidence on NixOS
Every osModa server includes NixOS atomic rollback with SafeSwitch. Bad deploy? Automatic reversion in seconds. Plans from $14.99/month.
Spawn Server